Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iris-it/lmod-authz-ldap
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/iris-it/lmod-authz-ldap
- Owner: iris-it
- Created: 2017-11-30T13:07:14.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-08-02T12:47:22.000Z (over 5 years ago)
- Last Synced: 2023-12-16T20:40:58.497Z (about 1 year ago)
- Language: HTML
- Size: 69.3 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: readme.md
README
# Authz Ldap Module
Documentation for the authentication and authorization module

## Features

#### Guest
- Sign in

#### Admin
- List of users
  - Assign role to user
  - Trigger ldap sync
- List of permissions
  - Parse from source file
  - Edit descriptions
- List of roles
  - Create role
  - Edit role
    - Assign permissions to role

## Install
Begin by installing this package through Composer. Edit your project's composer.json file to require laravelcollective/html.
`composer require "laravelcollective/html:^5.4.0"`
`composer require "adldap2/adldap2-laravel:^3.0"`

Next, add the new providers to the providers array of config/app.php:
```php
'providers' => [
    // ...
    Collective\Html\HtmlServiceProvider::class,
    Irisit\AuthzLdap\AuthzServiceProvider::class,
    Adldap\Laravel\AdldapServiceProvider::class,
    Adldap\Laravel\AdldapAuthServiceProvider::class,
    // ...
],
```
Finally, add two class aliases to the aliases array of config/app.php:
```php
'aliases' => [
    // ...
    'Form' => Collective\Html\FormFacade::class,
    'Html' => Collective\Html\HtmlFacade::class,
    'Adldap' => Adldap\Laravel\Facades\Adldap::class,
    // ...
],
```
Replace all the in the `App\User::class`
```php
$table->string('firstname');
$table->string('lastname');
$table->string('username')->unique();
```
Replace the line in `App\Http\Kernel.php`
`'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,`
by
`'guest' => \Irisit\AuthzLdap\Http\Middleware\RedirectIfAuthenticated::class,`
And add at the end (after guest)
`'role' => \Irisit\AuthzLdap\Http\Middleware\RedirectIfNotRole::class,`
so you can use the middleware 'role' to protect a route or a group like this: `'middleware' => 'role:admin,manager'`
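Run
`php artisan db:seed --class="Irisit\AuthzLdap\Database\Seeds\DatabaseSeeder"`
Add to the `disks` array in config/filesystems.php
```php
'base' => [
    'driver' => 'local',
    'root' => base_path() . DIRECTORY_SEPARATOR,
],
```
This disk is rooted at the project base path, so code that uses it can reach every file in the application, `.env` included; keep user-supplied paths away from it.

Add this to app/Exceptions/Handler.php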
```php
// At the top of app/Exceptions/Handler.php:
use Illuminate\Auth\AuthenticationException;

/**
 * Send unauthenticated users to the module's login route
 * (or return a 401 for JSON requests).
 *
 * @override
 * @param \Illuminate\Http\Request $request
 * @param AuthenticationException $exception
 * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
 */
protected function unauthenticated($request, AuthenticationException $exception)
{
    return $request->expectsJson()
        ? response()->json(['message' => 'Unauthenticated.'], 401)
        : redirect()->guest(route('authz.get_login'));
}
```
And run `php artisan vendor:publish --provider="Irisit\AuthzLdap\AuthzServiceProvider"` to get the configuration file and the seeder file
For the seeder, add `$this->call(RoleTableSeeder::class);` to `/database/seeders/DatabaseSeeder.php`

To import users:
`php artisan adldap:import`

To get groups:
`php artisan lmod_authz:import_groups_ldap`

To get permissions:
`php artisan lmod_authz:parse_permissions`

To promote a user to admin:
`php artisan lmod_authz:promote_user_admin`

_______________________________

In order to use the filters you have to create a scope
```
rawFilter(config('irisit_authz.ldap_filters'));
}
}
```
And add the scope to `adldap_auth.php` config file
```
'scopes' => [
    // Only allows users with a user principal name to authenticate.
    App\Scopes\SamAccountNameScope::class,
    App\Scopes\FilterScope::class, // <--- add this line
],
```
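
A complete `App\Scopes\FilterScope`, the scope class registered above, as an added example (not the project's own code). It assumes the `ScopeInterface` and `Builder` classes shipped with Adldap2-Laravel 3.x and that `irisit_authz.ldap_filters` holds one raw filter string or a list of them; the `isWellFormed()` check is an addition that rejects an empty or unbalanced filter instead of passing it to `rawFilter()`.

```php
<?php

namespace App\Scopes;

use Adldap\Laravel\Scopes\ScopeInterface;
use Adldap\Query\Builder;
use InvalidArgumentException;

class FilterScope implements ScopeInterface
{
    public function apply(Builder $query)
    {
        // Assumption: the value is one filter string or a list of them.
        $filters = (array) config('irisit_authz.ldap_filters');
        if ($filters === []) {
            throw new InvalidArgumentException('irisit_authz.ldap_filters is not set');
        }
        foreach ($filters as $filter) {
            if (! self::isWellFormed($filter)) {
                throw new InvalidArgumentException('malformed filter in irisit_authz.ldap_filters');
            }
            // rawFilter() adds the string to the query as-is, without escaping.
            $query->rawFilter($filter);
        }
    }

    // Structural check only: a string wrapped in one balanced pair of parentheses.
    // RFC 4515 writes literal parentheses in values as \28 and \29, so counting is sound.
    public static function isWellFormed($filter)
    {
        if (! is_string($filter) || strlen($filter) < 3 || $filter[0] !== '(') {
            return false;
        }
        $depth = 0;
        $last = strlen($filter) - 1;
        for ($i = 0; $i <= $last; $i++) {
            if ($filter[$i] === '(') {
                $depth++;
            } elseif ($filter[$i] === ')') {
                $depth--;
            }
            // The outer pair may only close on the final character.
            if ($depth === 0 && $i < $last) {
                return false;
            }
        }
        return $depth === 0;
    }
}
```

Because the filter is applied unescaped, it should come from trusted configuration only and never be assembled from request input.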